Data protection security analysis oil possible organize access innovation privacy

 

In 2006, British mathematician Clive Hamby declared that data was the new oil and had the potential to fuel a new data-driven industrial revolution. 

He should know, considering he and his wife helped Tesco make £90 million on the first Clubcard attempt. And the “oil well” there really does seem to be pumping that black gold of information to the surface. The global big data analytics market is predicted to be more than $745 billion by 2030. And while it may not be the most reliable metric, big tech companies are pouring billions into AI at a pace described as “the largest injection of capital into a specific technology in the history of Silicon Valley.” We’re told it’s happening. But is it  
really? Are organizations sincerely and consistently monetizing all the data they have and using it for competitive advantage and innovation? 

A further concern is that the safeguards we have put in place, such as GDPR and other global data privacy restrictions, are being deployed in ways that unnecessarily restrict the full flood of AI-driven innovation. 

We were keen to understand how organisations were actually going about it and whether they actually had data monetisation and defined, repeatable workflows in place. 

Specifically, we wanted to see whether organizations were actually leveraging the full potential of their data, had the right levels of protection in place for that data, and were able to access that data within a time frame that was useful to their business. 

So we commissioned a study and interviewed 600 CIOs, CTOs, CISOs, data officers and data managers from organisations across all industries, from airlines to retail to telecommunications. 

And it was interesting to hear first-hand what they had to say about the current state of data processing. 

Data-driven innovation is certainly true, but is it enough? 

These practitioners told us that they recognize that data definitely has potential for innovation and revenue opportunities, but they struggle to harness this cost-effectively. 

For example, 56% of respondents said they have already achieved significant improvements in both CX and EX (customer and employee experience), and 44% saw data access directly translate to a 6-10% increase in profits. An impressive 20% of respondents put the figure at around 11-20%. By 2023, more than half (57%5) of the organizations we interviewed had introduced new products or services based on insights gained directly from data mining. 

However, 32 percent acknowledge that it could take three to six months to access the data needed to power the app. 37 percent say the process could take a full one to two months, and only a tiny fraction of two percent say they could access the data in "less than a week" or instantly. 

To clarify what we mean by “data,” we don’t mean transactional data such as EPOS data, but potentially useful data about customers and their behaviors and attitudes. 

When we say that, CISOs and data protection officers are quick to label this as "sensitive data," which results in this data being kept under lock and key with many doors locked. 

That's natural - for example, I don't mind people knowing what sandwich I bought at the petrol station, but I do mind people linking that purchase to my National Insurance number. 

Are data protection barriers set too high, resulting in millions (and in the case of UK companies, billions) of dollars in missed potential profits from data misuse? 

Could putting all your efforts into cyber be a huge mistake? 

 Yes and no. We need to protect our data  . These laws exist because of the shockingly bad behavior of some technology vendors. 

But there's a troubling confusion about what we're actually protecting here. IT departments are somehow obsessed with cybersecurity, but still don't have a good grasp on data security. 

So, while $180 billion is spent annually on cybersecurity, data security strategies are far less well understood and resourced. After all, cybersecurity is all there is to protect networks, infrastructure, and endpoints, but 99 times out of 100, malicious agents don't care about any of that - they're after your data. 

So, the current situation is that CIOs focus all their energy on cybersecurity and data privacy laws like GDPR, thinking that will solve their data problems. But by locking down data and essentially making it "invisible" to what you want to analyze with AI analytics, you're not piping oil, you're wasting oil. Fortunately, there are solutions that will satisfy all parties involved in storing and using customer data.  

Use appropriate technology to protect all confidential information 

The way out of this situation is to understand that there are proven and reliable ways for data scientists and machine learning platforms to access the data and do something with the transaction (or sell it to a third party) whilst still retaining 100% of the National Insurance number captured during your visit to the petrol station. 

The implementation of Privacy Enhancing Technologies (PET) such as encryption and anonymization replaces sensitive personal data with values ​​that prevent individual consumer data from being directly identified, thus insulating CIOs from any potential concerns and protecting confidential information. 

CIOs who participated in this survey told us that while most organizations have invested heavily in PET through encryption, pseudonymization and tokenization are less widely used and understood.  

Personally, I think that's a mistake, especially since pseudonymization is a highly efficient way to enable rapid analysis of customer and partner data while keeping it private and safe. 

Still, we are very encouraged that our analysis shows that data security needs to be reconsidered, with nearly all respondents (96%) saying they plan to invest some of their IT budget on the issue this year, and 49% believing it should be between 11% and 15% of their overall IT budget. 

Taken together, these figures show that business leaders recognize that data is their company's greatest asset, but at the same time, they are clamoring for ways to use it securely so they can analyze it and use it to their advantage without posing a risk to the business or anyone in its supply chain.  

Not long after the famous comparison of data to oil, Australian economist Michael Palmer noted that while crude oil has value, "it has no real use until it's refined." Could thinking about data rather than infrastructure security be the refining step we've missed? 

Paul Mountford  is CEO of  Protegrity . The full results of the research featured in this article, "The State of Data Security Optimization and Monetization",  can be found here.